# GuardiCore (Deprecated)

This integration is part of the GuardiCore Pack.

Deprecated. Use GuardiCore v2 instead.

Data center breach detection. This integration was integrated and tested with version v3.0 of the GuardiCore API.
## Configure GuardiCore on Cortex XSOAR

1. Navigate to Settings > Integrations > Servers & Services.
2. Search for GuardiCore.
3. Click Add instance to create and configure a new integration instance.

| Parameter | Required |
| --- | --- |
| Server URL (e.g. https://192.168.0.1) | True |
| Username | True |
| Trust any certificate (not secure) | False |
| Use system proxy settings | False |

4. Click Test to validate the URLs, token, and connection.
## Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
### guardicore-get-incidents

Display information about incidents (with filters).

#### Base Command

`guardicore-get-incidents`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| severity | Filter by severity. Possible values are: High, Low, Medium. | Optional |
| tag | Filter by tag. | Optional |
| from_time | From which date to fetch incidents, format is YYYY-MM-DD. | Optional |
| to_time | Until which date to fetch incidents, format is YYYY-MM-DD. | Optional |
| incident_type | Filter by type of incident, e.g. Deception, Lateral Movement. | Optional |
| source | Filter by source (hostname or IP address). | Optional |
| destination | Filter by destination (hostname or IP address). | Optional |
### guardicore-uncommon-domains

Display the uncommon domains.

#### Base Command

`guardicore-uncommon-domains`

#### Input

There are no input arguments for this command.
### guardicore-unresolved-domains

Display the unresolved domains.

#### Base Command

`guardicore-unresolved-domains`

#### Input

There are no input arguments for this command.
### guardicore-show-endpoint

Display information about the endpoint given its ID.

#### Base Command

`guardicore-show-endpoint`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| host_id | The host ID. | Required |
### guardicore-dns-requests

Display the DNS requests.

#### Base Command

`guardicore-dns-requests`

#### Input

There are no input arguments for this command.
### guardicore-search-endpoint

Display information about the endpoint by its hostname or IP address.

#### Base Command

`guardicore-search-endpoint`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ip_address | The IP address of the endpoint. | Optional |
| name | The hostname of the endpoint. | Optional |
### guardicore-misconfigurations

Display the misconfigurations.

#### Base Command

`guardicore-misconfigurations`

#### Input

There are no input arguments for this command.
### guardicore-get-incident

Display information about the given incident.

#### Base Command

`guardicore-get-incident`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | The ID of the incident. | Required |
### guardicore-get-incident-iocs

Display the IOCs (Indicators of Compromise) of the given incident.

#### Base Command

`guardicore-get-incident-iocs`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | The ID of the incident. | Required |
### guardicore-get-incident-events

Display the events related to the given incident.

#### Base Command

`guardicore-get-incident-events`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | The ID of the incident. | Required |
### guardicore-get-incident-pcap

Retrieve the PCAP file attached to the given incident.

#### Base Command

`guardicore-get-incident-pcap`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | The ID of the incident. | Required |
### guardicore-get-incident-attachments

Retrieve the files attached to the given incident.

#### Base Command

`guardicore-get-incident-attachments`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | The ID of the incident. | Required |
### guardicore-search-network-log

Search within the network log (with filters).

#### Base Command

`guardicore-search-network-log`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| source | Filter by source (hostname or IP address). | Optional |
| destination | Filter by destination (hostname or IP address). | Optional |
| port | Filter by port number. | Optional |
| uuid | Filter by event ID. | Optional |